Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Brain Search
v1.1.0Search, retrieve, log, and manage past conversations, research, and job tasks in Frank's persistent Second Brain knowledge base.
⭐ 0· 698·4 current·4 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The documented API endpoints (search, create entries, tasks, files, jobs) match the skill's stated purpose of searching and managing a 'Second Brain'. However: the SKILL.md embeds an x-api-key value directly in every example rather than declaring it as a required credential; that is inconsistent with the registry metadata (which lists no required env vars) and is unusual for a per-user secret.
Instruction Scope
The instructions explicitly require the agent to execute real shell curl commands (not simulated) and to read and upload local files (examples use -F "file=@/path/to/file.jpg"). That means the skill's runtime behavior may read arbitrary local filesystem paths and transmit their contents to the remote host. The SKILL.md gives the agent broad discretion (always execute, always report HTTP responses) which increases the risk of unintended data disclosure.
Install Mechanism
No install spec or code files are included — instruction-only skills are lower risk in terms of writing/executing third-party code locally. There is no download or package installation that would increase risk.
Credentials
The document requires a header x-api-key: frank-sb-2026 for every request, which is a credential-like value embedded directly in SKILL.md rather than declared in requires.env or primary credential. This is disproportionate/unusual: a secret should be declared as an environment requirement or obtained per-user. A hardcoded, shared API key in the skill is a red flag (possible misuse, shared credential, or exfiltration target).
Persistence & Privilege
The skill does not set always: true and does not request system-wide config changes. It can be invoked autonomously (default), which is normal; combined with the earlier concerns (embedded key + shell execution + file upload), autonomous invocation increases potential blast radius if the skill is granted runtime exec privileges.
What to consider before installing
This skill appears to do what it claims (search/manage a 'Second Brain') but contains two concerning elements: 1) a hardcoded API key (x-api-key: frank-sb-2026) embedded in the instructions instead of being declared as a required credential; and 2) an explicit requirement that the agent must run real shell curl commands — including file uploads that reference local paths — which could allow reading and sending local files to the listed domain. Before installing or enabling this skill: - Ask the publisher why the API key is hardcoded and request a per-user credential (or move the key to requires.env) so you control it. - Confirm you trust the remote host (https://second-brain-chi-umber.vercel.app) and verify ownership/contact info; a homepage or owner info is missing. - If you permit the skill to run, restrict which files it may access and avoid granting broad shell/exec permission if you cannot trust the service. - If you need stronger assurance, request that the skill be rewritten to accept an env-provided API key and to use platform-native API adapters rather than instructing the agent to run arbitrary curl commands. If the publisher cannot justify the shared embedded key and the need to read/upload local files, treat the skill as unsafe to enable.Like a lobster shell, security has layers — review code before you run it.
latestvk971f2fektz6hz0azxd8fn2a5581fkhb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.